With development of terminals, people gradually focus on security issues. The security issues involve aspects such as security protection, enterprise environment, connection security, and mobile payment. It is difficult to guard against a mobile payment type Trojan horse because the Trojan horse may be disguised as different applications to trick users into downloading and installing the applications. In addition, fraud short message service (SMS) messages and mobile phone loss also pose a threat to terminal security.
With occurrence of various security problems, a login password already cannot satisfy an operation having a high security risk. Application developers generally protect login and sensitive operations of applications by means of two-factor authentication, and using an SMS verification code is a most common way. A main objective of the SMS verification code is identity identification. In a Rich (Rich Operation System, a rich operating system having a strong processing capability and multimedia function, such as Android™ or iOS™) environment, an application may apply for an SMS permission, to read all SMS messages in the Rich environment and obtain SMS verification codes from the messages. SMS listening requires the following SMS permissions: a permission of reading an SMS message, a permission of processing a read SMS message, a permission of sending an SMS message, and a permission of editing an SMS message. Android™ mobile phone viruses can obtain the SMS permissions, to intercept and forward SMS verification codes for stealing by stealers. Even though login and sensitive operations of applications are protected by means of two-factor authentication, operation security is still relatively low.